Analysis

  • max time kernel
    154s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    03-10-2021 18:11

General

  • Target
    3629444779e7e4fb9a023cda4f1473c6.exe
  • Size
    32KB
  • MD5
    3629444779e7e4fb9a023cda4f1473c6
  • SHA1
    6dbc84ad7cd111eb34ef3c30186f5afc86304749
  • SHA256
    647b62057e0fce41fd1b3d7f4c99a834da671e36f4c72eb03bec9e7a34b24b35
  • SHA512
    f74cc0f1e19be519b1c25039531eac401582d2afae520d4cd4e4dfb930e55f9dab1be812869acec2e830e03a586905d428f1ae550cb3a787e253d49568147c11

Score
10/10

Malware Config

Signatures

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3629444779e7e4fb9a023cda4f1473c6.exe
    "C:\Users\Admin\AppData\Local\Temp\3629444779e7e4fb9a023cda4f1473c6.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1824

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1824-60-0x0000000075D51000-0x0000000075D53000-memory.dmp
    Filesize
    8KB
  • memory/1824-61-0x0000000000250000-0x0000000000251000-memory.dmp
    Filesize
    4KB